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Commissioner for Patents 
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Alexandria, VA 22313-1450 



Sir/Madam: 

Further to the Notice of Appeal filed July 10, 2006, Appellants present this 
Appeal Brief. Per M.P.E.P. § 1207.04, no fee should be due since this is a 
reinstatement of the previous appeal of this application for which the appeal brief 
fee has already been paid. Appellants respectfully request that the Board of Patent 
Appeals and Interferences consider this appeal. 
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I, REAL PARTY IN INTEREST 



As evidenced by the assignment recorded at Reel/Frame 01 1070/0129, the subject 
appUcation is owned by Sun Microsystems, Inc., a corporation organized and existing 
under and by virtue of the laws of the State of Delaware, and now having its principal 
place of business at 4150 Network Circle, Santa Clara, CA 95054. 
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IL RELATED APPEALS AND INTERFERENCES 

No other appeals, interferences or judicial proceedings are known which would be 
related to, directly affect or be directly affected by or have a bearing on the Board's 
decision in this appeal. 
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III. STATUS OF CLAIMS 



Claims 1-7, 9-23, 25 - 39, and 41 - 47 stand finally rejected. Claims 8 are 
objected to as being dependent on rejected base claims but allowable if rewritten in 
independent form. The rejection of claims 1-7, 9-23, 25 - 39, and 41 - 47 is being 
appealed. A copy of claims 1-7, 9-23, 25 - 39, and 41 - 47 as currently pending is 
included in the Claims Appendix herein below. 
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IV. STATUS OF AMENDMENTS 

No amendments to the claims have been submitted subsequent to the final 
rejection. 
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V. SUMMARY OF CLAIMED SUBJECT MATTER 



Independent claim 1 is directed toward a method for accessing a service in a 
distributed computing environment in which a client locates a service within the 
distributed computing environment and requests a capability credential to allow the client 
access to a portion of the service's capabilities. The service provides a plurality of 
capabilities to clients executing in the distributed computing environment, hi distributed 
computing environments according to. some embodiments, service discovery protocols 
allow client to search for and locate services of varies types. For example, clients may 
send search messages or queries using data representation languages, such as XML, 
which may include search criteria, such as desired service name and/or service type. See, 
e.g., FIGs. 4, 6- 9, 12, page 25, line 27 - page 26, line 13; page 27, lines 22 - 30; page 
28, line 13 - page 29, line 16; page 29, line 26 - page 30. Service providers may respond 
to search queries by providing service advertisements or by providing information to 
allow client to access stored advertisements, such as via a URI or other address. A 
service provider may compare the client's search criteria against service advertisements 
to find advertisements that match the search criteria. Additionally, clients may search 
advertisements in spaces or space services. The advertisements may use data 
representation languages and may include information, such as an address or interface, 
allowing client to obtain credentials necessary for access the service. A service 
advertisement may either be a complete advertisement including schema information 
regarding messages usable to access the service, or a protected (or secure) advertisement 
not including such schema information. See, e.g., FIGs. 4, 6- 9, 12, 14-16, 18, 20, 22, 24, 
26a-b, 28, 29 and 41-43; page 25, line 27 - page 26, line 13; page 27, lines 22 - 30; page 
28, line 13 - page 29, line 16; page 29, line 26 - page 30, line 23; page 54, line 3 - 55, 
line 20; page 64, line 18 - page 65, line 20; page 90, line 27 - page 91, line 12; page 92, 
lines 16 - 29; page 106, lines 12-30; page 107, lines 3 - 28; page 108, lines 11-26; page 
111, line 16 - page 1 12, line 6; page 1 14, lines 13-23. 

A client may select a service and request a capability credential by sending (e.g., 
to a URI specified in a corresponding service advertisement) a capability credential 
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request message. The advertisement may include the address of an appropriate 
authentication service providing capability credentials. In some embodiments, the 
advertisement may include a schema or other information regarding messages to access 
the service. For instance, a service's message set may be defined using a data 
representation language schema, such as an XML schema, that defines each message 
format using typed tags. As part of requesting a capability credential, the client may 
indicate a set of desired capabilities. For example, a client may present the service a set 
of desired capabilities in the form of a secure advertisement. See, e.g., FIGs. 4, 6- 9, 12, 
14-16, 18, 20, 22, 24, 26a-b, 28, 29 and 41-43; page 29, line 26 - page 30, line 23; page 
55, lines 8-20; page 93, lines 1 - 24; page 102, lines 6 - 25; page 103, line 24 - page 104, 
line 17; page 107, lines 12-30. 

Additionally, the client receives a capabiHty credential indicating that the cHent 
has the right to use only the portion of the service's capabilities v^here the portion of the 
service's capabilities is less than a total of the capabilities provided by the first service. 
See, e.g., FIGs. 20, 22, 26a-b and 41-43; page 13, lines 21 - 30; page 14, lines 18 - 27. 
As noted above, a client requests a capability credential using a capability credential 
request message. A credential request message may be sent to an authentication service 
using a URI specified in a service's advertisement. The capability credential may be 
generated according to capabilities requested by the client and/or the client's level of 
authorization. Additionally, if the client received a protected service advertisement in 
response to its original search query, the client may also use the capability credential to 
obtain a complete advertisement. See, e.g., FIGs. 20, 22, 26a-b and 41-43; page 13, lines 
21 - 30; page 14, line 29 - page 15, line 13; page 38, lines 17-29; page 59, lines 16-25; 
page 60, lines 7-14; page 66, lines 16 - 26; page 75, lines 23 - 26; page 91, lines 1-12; 
page 104, line 21 - page 106, line 7. 

The client uses the capability credential to access portions of the service's 
capabilities. For instance, the client may use both the capability credential and the 
service advertisement to create a message gate for sending messages according to a 
schema in the service advertisement to access and use the service. In some embodiments, 
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the gate may include the capabiUty credential in each message to that the service can 
authenticate each message from the client. See, e,g., FIGs. 20, 22, 26a-b and 41-43; page 
30, line 27 - page 31, line 38, line 5; page 36, lines 5-12; page 45, lines 1 - 14; page 54, 
lines 13-21; page 75, lines 9-17; page 91, line 14 - page 92, line 7; page 98, line 23 - 
page 99, line 14. 

Independent claim 17 is directed toward a chent device that includes a connection 
to a distributed computing environment and an interface coupled to the connection that is 
configured to locate a service within the distributed computing environment. The first 
service provides a plurality of capabilities to clients executing in the distributed 
computing environment. In distributed computing environments according to some 
embodiments, service discovery protocols allow client to search for and locate services of 
varies types. For example, cUents may send search messages or queries using data 
representation languages, such as XML, which may include search criteria, such as 
desired service name and/or service type. See, e.g., FIGs. 4, 6- 9, 12, page 25, line 27 - 
page 26, line 13; page 27, lines 22 - 30; page 28, line 13 - page 29, line 16; page 29, line 

26 - page 30. Service providers may respond to search queries by providing service 
advertisements or by providing information to allow client to access stored 
advertisements, such as via a URI or other address. A service provider may compare the 
client's search criteria against service advertisements to find advertisements that match 
the search criteria. Additionally, clients may search advertisements in spaces or space 
services. The advertisements may use data representation languages and may include 
information, such as an address or interface, allowing client to obtain credentials 
necessary for access the service. A service advertisement may either be a complete 
advertisement including schema information regarding messages usable to access the 
service, or a protected (or secure) advertisement not including such schema information. 
See, e.g., FIGs. 4, 6- 9, 12, 14-16, 18, 20, 22, 24, 26a-b, 28, 29 and 41-43; page 25, line 

27 - page 26, line 13; page 27, lines 22 - 30; page 28, line 13 - page 29, line 16; page 29, 
line 26 - page 30, line 23; page 54, line 3 - 55, line 20; page 64, line 18 - page 65, line 
20; page 90, line 27 - page 91, line 12; page 92, lines 16 - 29; page 106, lines 12-30; 
page 107, lines 3 - 28; page 108, lines 11-26; page 111, line 16 - page 112, line 6; page 
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114, lines 13-23. 



The interface of the client device of claim 17 is configured to request a capability 
credential over the connection for a set of desired capabilities to allow a client on the 
client device access to a portion of the service's capabilities. A client may select a 
service and request a capability credential by sending (e.g., to a URI specified in a 
corresponding service advertisement) a capability credential request message. The 
advertisement may include the address of an appropriate authentication service providing 
capability credentials. In some embodiments, the advertisement may include a schema or 
other information regarding messages to access the service. For instance, a service's 
message set may be defined using a data representation language schema, such as an 
XML schema, that defines each message format using typed tags. As part of requesting a 
capability credential, the client may indicate a set of desired capabihties. For example, a 
client may present the service a set of desired capabilities in the form of a secure 
advertisement. See^ e.g., FIGs. 4, 6- 9, 12, 14-16, 18, 20, 22, 24, 26a-b, 28, 29 and 41-43; 
page 29, line 26 - page 30, line 23; page 55, lines 8-20; page 93, lines 1 - 24; page 102, 
lines 6 - 25; page 103, line 24 - page 104, line 17; page 107, lines 12-30. 

The client device interface is also configured to receive the capability credential 
over the connection. As with the capability credential described above regarding claim 1, 
the capability credential of claim 17 indicates that the client has the right to use only the 
portion of the service's capabilities, where the portion of the first services capabilities is 
less than the total of the capabilities provided by the first service. See, e.g., FIGs. 20, 22, 
26a-b and 41-43; page 13, lines 21-30; page 14, lines 18-27. As noted above, a chent 
requests a capabihty credential using a capability credential request message. A 
credential request message may be sent to an authentication service using a URI specified 
in a service's advertisement. The capability credential may be generated according to 
capabilities requested by the client and/or the client's level of authorization. 
Additionally, if the client received a protected service advertisement in response to its 
original search query, the client may also use the capability credential to obtain a 
complete advertisement. See, e.g., FIGs. 20, 22, 26a-b and 41-43; page 13, lines 21-30; 
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page 14, line 29 - page 15, line 13; page 38, lines 17-29; page 59, lines 16-25; page 60, 
lines 7-14; page 66, lines 16 - 26; page 75, lines 23 - 26; page 91, lines 1-12; page 104, 
line 21 - page 106, line 7. 

The interface is further configured to use the capability credential to access the 
portion of the service's capabilities. For instance, the client may use both the capability 
- credential and the service advertisement to create a message gate for sending messages 
according to a schema in the service advertisement to access and use the service. In some 
embodiments, the gate may include the capability credential in each message to that the 
service can authenticate each message from the client. See, e,g., FIGs. 20, 22, 26a-b and 
41-43; page 30, line 27 - page 31, line 38, line 5; page 36, lines 5-12; page 45, lines 1 - 
14; page 54, lines 13 - 21; page 75, lines 9-17; page 91, line 14 - page 92, line 7; page 
98, line 23 - page 99, line 14. 

Independent claim 33 is directed toward a tangible, computer accessible storage 
medium including program instructions that are computer-executable on a chent device 
to implement the method described above regarding claim 1 . A client locates a service 
within the distributed computing environment and requests a capability credential to 
allow the client access to a portion of the service's capabilities. The service provides a 
plurality of capabilities to clients executing in the distributed computing environment. In 
distributed computing environments according to some embodiments, service discovery 
protocols allow chent to search for and locate services of varies types. For example, 
cHents may send search messages or queries using data representation languages, such as 
XML, which may include search criteria, such as desired service name and/or service 
type. See, e.g., FIGs. 4, 6- 9, 12, page 25, line 27 - page 26, line 13; page 27, lines 22 - 
30; page 28, line 13 - page 29, line 16; page 29, line 26 - page 30. Service providers 
may respond to search queries by providing service advertisements or by providing 
information to allow chent to access stored advertisements, such as via a URI or other 
address. A service provider may compare the client's search criteria against service 
advertisements to find advertisements that match the search criteria. Additionally, clients 
may search advertisements in spaces or space services. The advertisements may use data 
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representation languages and may include information, such as an address or interface, 
allowing client to obtain credentials necessary for access the service. A service 
advertisement may either be a complete advertisement including schema information 
regarding messages usable to access the service, or a protected (or secure) advertisement 
not including such schema information. See, e.g., FIGs. 4, 6- 9, 12, 14-16, 18, 20, 22, 24, 
26a-b, 28, 29 and 41-43; page 25, line 27 - page 26, line 13; page 27, lines 22 - 30; page 
28, line 13 - page 29, line 16; page 29, line 26 - page 30, line 23; page 54, line 3 - 55, 
line 20; page 64, line 18 - page 65, line 20; page 90, line 27 - page 91, line 12; page 92, 
lines 16 - 29; page 106, lines 12-30; page 107, lines 3 - 28; page 108, lines 11-26; page 
111, line 16 -page 112, line 6; page 114, lines 13-23. 

A client may select a service and request a capability credential by sending (e.g., 
to a URI specified in a corresponding service advertisement) a capability credential 
request message. The advertisement may include the address of an appropriate 
authentication service providing capability credentials. In some embodiments, the 
advertisement may include a schema or other information regarding messages to access 
the service. For instance, a service's message set may be defined using a data 
representation language schema, such as an XML schema, that defines each message 
format using typed tags. As part of requesting a capability credential, the client may 
indicate a set of desired capabilities. For example, a client may present the service a set 
of desired capabihties in the form of a secure advertisement. See, e.g., FIGs. 4, 6- 9, 12, 
14-16, 18, 20, 22, 24, 26a-b, 28, 29 and 41-43; page 29, line 26 - page 30, line 23; page 
55, lines 8-20; page 93, lines 1 - 24; page 102, lines 6 - 25; page 103, line 24 - page 104, 
line 17; page 107, lines 12-30. 

Additionally, the client receives a capability credential indicating that the cUent 
has the right to use only the portion of the service's capabilities where the portion of the 
service's capabilities is less than a total of the capabilities provided by the first service. 
See, e.g., FIGs. 20, 22, 26a-b and 41-43; page 13, lines 21 - 30; page 14, lines 18 - 27. 
As noted above, a client requests a capability credential using a capability credential 
request message. A credential request message may be sent to an authentication service 
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using a URI specified in a service's advertisement. The capability credential may be 
generated according to capabilities requested by the client and/or the client's level of 
authorization. Additionally, if the client received a protected service advertisement in 
response to its original search query, the client may also use the capability credential to 
obtain a complete advertisement. See, e.g., FIGs. 20, 22, 26a-b and 41-43; page 13, lines 
21 - 30; page 14, line 29 - page 15, line 13; page 38, lines 17-29; page 59, lines 16-25; 
page 60, lines 7-14; page 66, lines 16 - 26; page 75, lines 23 - 26; page 91, lines 1-12; 
page 104, line 21 - page 106, line 7. 

The client uses the capability credential to access portions of the service's 
capabilities. For instance, the chent may use both the capability credential and the 
service advertisement to create a message gate for sending messages according to a 
schema in the service advertisement to access and use the service, hi some embodiments, 
the gate may include the capability credential in each message to that the service can 
authenticate each message from the chent. See, e.g., FIGs. 20, 22, 26a-b and 41-43; page 
30, line 27 - page 31, line 38, line 5; page 36, lines 5-12; page 45, lines 1 - 14; page 54, 
lines 13-21; page 75, lines 9-17; page 91, line 14 - page 92, line 7; page 98, line 23 - 
page 99, line 14. 

The summary above describes various examples and embodiments of the claimed 
subject matter; however, the claims are not necessarily limited to any of these examples 
and embodiments. The claims should be interpreted based on the wording of the 
respective claims. 
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VI. GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 



1. Claims 1, 2, 5, 6 and 9-16 stand finally rejected under 35 U.S.C. § 102(a) 
as being anticipated by Adams (U.S. Patent 6,718,470). 

2. Claims 3 and 7 stand finally rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Adams. 

3. Claim 4 stands finally rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Adams in view of Czerwinski et al. "An architecture for a Secure 
Service Discovery Service" (Hereinafter, Czerwinski). 

4. Claims 17-23, 25-39 and 41-47 stand finally rejected under 35 U.S.C. § 
102(a) as being anticipated by Adams. 

5. Claims 17-23, 25-39 and 41-47 stand finally rejected under 35 U.S.C. § 
103(a) as being unpatentable over Adams in view of Czerwinski. 
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VIL ARGUMENT 



First Ground of Rejection 

Claims 1, 2, 5, 6 and 9-16 stand finally rejected under 35 U.S.C. § 102(a) as being 
anticipated by Adams (U.S. Patent 6,718,470). Appellants traverse this rejection for at 
least the following reasons. Different groups of claims are addressed under their 
respective subheadings. 

Claims 1. 2 and 16 : 

Regarding claim 1, Adams fails to disclose a client receiving a capability 
credential that indicates that the client has the right to use only a portion of a 
servicers capabilities , wherein the portion is less that a total of the capabilities 
provided by the first service. Adams teaches a system for granting security privileges 
by providing test criteria data so that security privilege certificates (or other authorization 
credentials) may be selected from among multiple subscriber privilege data. Adams 
teaches that certificates, such as Kerberos tickets, privilege attribute certificates, or other 
public key certificates (Adams, column 7, lines 48-55) may be selected from among 
multiple privilege data based on test criteria supplied by a relying unit (such as a sofhvare 
application, computer node or other entity). A selector entity may search a common 
repository of security privilege certificates. The selector entity then returns any and all 
privilege data that meets the test criteria data. Thus, the selector unit may return 
multiple certificates, each of each meets the test criteria data. See, Adams, column 3, 
lines 26-59; column 4, lines 25-36; and column 5, lines 18-46. Adams does not mention 
anything about a selecting and returning a certificate that indicates a subscriber 
unit (client) has the right to use only an indicated portion of a services capabilities, 
which would be required for Adams to anticipate claim L fristead, Adams states that any 
matching attribute certificates are sent as privilege data (Adams, column 6, lines 65-67). 
The certificates in Adams do not indicate that a client has the right to use only a portion 
that is less than all of a service's provided capabilities. No mention is made in Adams of 
allowing access to only a portion of a service's capabilities. 
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The Examiner cites column 5, lines 14-32 of Adams and refers to Adams' 
teachings regarding a subscriber communicating a request for another appHcation 
controlled by a relying party and regarding a certificate selector analyzing a subscriber's 
attribute certificates to determine whether any of them contain privilege data that is 
consistent with privilege test criteria. However, the teachings of Adams relied on by 
the Examiner do not disclose a client receiving a capability credential that indicates 
that the client has the right to use only a portion of a service's capabilities, wherein 
the portion is less that a total of the capabilities provided by the first service. Instead, 
the Examiner's cited passage describes a particular manner in which Adams' system 
determines whether the subscriber certificates, such as data representing a subscriber 
unit's privilege status, meet the particular required privilege test criteria data. Adams 
teaches that privilege test criteria data indicates "the specific privilege information 
necessary for the relying party to grant privilege to a subscriber unit" (Adams, column 3, 
lines 47-51). Thus, the portions of Adams relied on by the Examiner are not referring to 
a capability credential indicating that a client has the right to use only a portion of a 
services capabilities. Instead, the cited portions of Adams are teaching a particular 
method of determining whether a subscriber's privilege status meets the particular 
privilege requirements of a relying unit. As noted above, the certificates in Adams do not 
indicate that a client has the right to use only a portion of a service's capabilities. In fact, 
Adams makes no mention regarding allowing access to only a portion of a service's 
capabilities. 

In the Advisory Action, the Examiner argues, "the privilege data returned by the 
selector entity indicates that the user has the right to use only certain portion of the 
service's capabilities." However, the Examiner's interpretation of Adams is 
incorrect. As described above, Adams' system determines whether subscriber 
certificates meet particular test criteria data. In other words, Adams' teaches that a 
subscriber's certificates are verified to ensure that the particular type of certificate is an 
approved type. For example, Adams teaches that the privilege test criteria data may 
indicate the specific privilege information necessary for the relying part to grant privilege 
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to the subscriber unit. The Examiner is merely speculating in hindsight regarding 
Adams' system. As noted above, nowhere does Adams make any mention whatsoever of 
a client receiving a capability credential that indicates that the client has the right to use 
only a portion of a service's capabilities, wherein the portion is less that a total of the 
capabilities provided by the first service. 

Moreover, Adams is not concerned with granting a client rights to use only a 
portion of a service's capabilities. Instead, Adams is concerned with minimizing the 
number of certificates that must be transferred and also with preventing privilege data 
from being sent to non-privilege parties (Adams, column 2, lines 58-61 and column 3, 
lines 41-44). Adams contrasts his systems with previous systems that require the 
subscriber to present all attribute certificates to the relying party. 

Anticipation requires the presence in a single prior art reference disclosure of each 
and every limitation of the claimed invention, arranged as in the claim . M.P.E.P 2131; 
Lindemann Maschinenfabrik GmbH v. American Hoist & Derrick Co., 221 USPQ 481, 
485 (Fed. Cir. 1984). The identical invention must be shown in as complete detail as is 
contained in the claims. Richardson v. Suzuki Motor Co., 9 USPQ2d 1913, 1920 (Fed. 
Cir. 1989). As discussed above, Adams clearly fails to disclose a cUent receiving a 
capability credential that indicates that the client has the right to use only a portion of a 
service's capabilities , wherein the portion is less that a total of the capabilities provided 
by the first service. Therefore, Adams cannot be said to anticipate claim 1 . 

Claim 5 : 

In regards to claim 5, Adams fails to disclose the client receiving an 
advertisement for the first service , wherein the advertisement describes the portion of the 
first service's capabilities . The Examiner admits that Adams makes "no specific mention 
of the advertisement" but asserts, "advertisement serves as a way of letting the user be 
aware of the service[s] available." The Examiner has clearly failed to provide a proper 
rejection of claim 5. By admitting that Adams does not disclose the use of an 
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advertisement, the Examiner has clearly admitted that Adams fails to anticipate claim 5. 
The Examiner's statement regarding how advertisements may serve as a way of letting a 
user know what services are available has absolutely no bearing on the fact that Adams 
fails to disclose anything about an advertisement for a service that describes a portion of 
the service's capabilities. The fact that Adam's system might benefit from the use of 
such an advertisement, as suggested by the Examiner, is irrelevant to a rejection based on 
anticipation (i.e. § 102). The Examiner's statement is also unsupported by any evidence 
of record. 

A claim is "anticipated only if each and every element as set forth in the claim is 
found, either expressly or inherently described, in a single prior art reference" (M.P.E.P. 
§ 2131). As admitted by the Examiner, Adams fails to disclose the use of an 
advertisement that describes a portion of the service's capabilities. Moreover, the 
Examiner has not shown that the use of advertisements is inherent in Adams' system. 
"To serve as an anticipation when the reference is silent about the asserted inherent 
characteristic, such gap in the reference may be filled with recourse to extrinsic evidence" 
and "[s]uch evidence must make clear that the missing descriptive matter is necessarily 
present in the thing described in the reference" (emphasis added, M.P.E.P. § 2131.01 III). 
As noted above and admitted by the Examiner, Adams makes no mention of 
advertisements, nor has the Examiner provided any evidence showing that advertisements 
are necessarily present in Adams' system. Instead, the Examiner has merely concluded 
that the use of an advertisement might be beneficial, which as stated above, is completely 
speculative and irrelevant. The Examiner is merely using hindsight speculation, which is 
clearly improper. 

In the Response to Arguments section of the Final Action and in the Advisory 
Action, the Examiner asserts that a subscriber request to access an application through 
Adams' relying party's website "indicates that the advertisement for certain services exist 
as to enable a subscriber to request privilege to use such service", citing column 5, lines 
14 - 18 of Adams. The Examiner further asserts, "Adams inherently disclose[s] these 
limitation[s] as they are [an] essential requirement for a subscriber to request certain 
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services provided by a relying party." Thus, the Examiner's argument is that the mere 
fact that a subscriber unit makes requests the use of a service inherently discloses the 
specific limitations of claim 5. The Examiner is incorrect. Even if Adams could be said 
to inherently disclose an advertisement, v^hich Appellants maintain he does not, the 
Examiner has still failed to show how Adams' system inherently includes a client 
receiving an advertisement that describes the portion of the service's capabilities. 

The Examiner's cited portion of Adams (column 5, lines 14 -18) merely states 
that a subscriber unit may communicate a request over a global network link to a website 
of a relying party request access to another appUcation controlled by the relying party to 
facilitate a financial transfer. The cited passage does not contain any teaching that may 
be considered to inherently include a client receiving an advertisement for a service that 
describes a portion of the service's capabilities. In fact, Adams does not describe 
anything about a client receiving any sort of information that describes a portion of a 
service's capabilities. Nor has the Examiner provided any explanation or interpretation 
of Adams that includes the subscriber unit, which the Examiner equates to the client of 
Applicants' claim, receiving any such information. Instead, the Examiner merely asserts 
that Adams' teachings inherently disclose the specific limitations of Applicant's claims. 

As noted above, the Examiner has not provided any extrinsic evidence that 
Adams' system necessarily includes a client receiving an advertisement for a service that 
describes a portion of the service's capabilities. Moreover, M.P.E.P, 2112 IV states, 
"[t]he fact that a certain result or characteristic may occur or be present in the prior art is 
not sufficient to establish the inherency of that resuU or characteristic" (imderlining in 
original). The Examiner's opinion that Adams' system inherently includes the use of 
advertisements "as a way of letting the user be away of the service available" or "to 
enable a subscriber to request privilege to use such service" are not extrinsic evidence 
that makes clear that the use of advertisements as recite in Applicants' claim 5 is 
necessarily present in Adams' system. 
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In further regard to claim 5, Adams fails to disclose that a client's indication of 
the set of desired capabilities comprises an indication of the advertisement . As noted 
above, Adams fails to mention anything about advertisements, as admitted by the 
Examiner. Furthermore, Adams does not mention anything about a client indicating a set 
of desired capabilities as part of requesting a capability credential, where the indication of 
the set of desired capabilities includes an indication of an advertisement for a service. 
As noted above, the Examiner has merely stated that the use of advertisements would be 
beneficial to Adams' system without showing that Adams' system actually includes the 
use of advertisements. The Examiner has not provided any argument, explanation, or 
evidence showing that Adams' system includes a client indicating a set of desired 
capabilities, where that indication includes an indication of an advertisement for a service 
providing those capabilities. 

The Examiner cites column 6, lines 31-67 of Adams and states, "the subscriber 
wants to access the relying party's service, but has to request [a] credential from the 
centralized privilege data selector by submitting the subscriber's identity and the relying 
party's identifier." The cited passage only mentions that a subscriber includes an 
identification of the relying party, but makes no mention of any indication of an 
advertisement that describes a portion of the first service's capabilities. Furthermore, the 
cited passage only teaches that Adams' subscriber unit includes the relying party's 
identifier when requesting a security certificate. The cited passage makes no mention of 
the client including an indication of an advertisement for a service as part of an indication 
of a set of desired capabilities, as required by Applicants' claim 5. Nor does the 
Examiner mention anything about Adams' subscriber including an indication of an 
advertisement for the service when indicating a set of desired capabilities. 

Thus, for at least the reasons above, the rejection of claim 5 is not supported by 
the cited art and removal thereof is respectfully requested. 
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Claim 6: 



Regarding claim 6, contrary to the Examiner's assertion, Adams fails to disclose 
where the indication of the advertisement is the advertisement itself The Examiner 
cites column 5, lines 14-18. However, the cited portion of Adams makes no mention of 
any indication of an advertisement, nor that such an indication of an advertisement is the 
advertisement itself. Instead, the cited passage states that a subscriber unit may 
communicate a request over a global network link to a website of a relying party 
requesting access to another application controlled by the relying party to facilitate a 
financial transfer. The cited passage provides no support for the Examiner's rejection of 
claim 6. Furthermore, in the rejection of claim 5, the Examiner admits that Adams makes 
no mention of advertisements. 

In the Response to Arguments and the Advisory Action, the Examiner asserts that 
the use of advertisements is inherent in Adams' system. The Examiner is incorrect. 
Please refer to the remarks above regarding claim 5 for a detailed discussion regarding 
the fact that Adams' system does not inherently disclose the limitations of Applicants' 
claims. Furthermore, the Examiner have failed to provide nay extrinsic evidence, 
citation, explanation or interpretation illustrating that a subscriber unit's request 
necessarily indicates a set of desired capabilities that includes an indication of an 
advertisement (as recited in claim 5) where the indication of the advertisement is the 
advertisement itself, as recited in claim 6. Following the Examiner's line of reasoning 
(that the use of advertisements are inherent in Adams' system) a subscriber's request 
would also have to inherently include an advertisement. There is nothing about Adams' 
system that inherently requires a subscriber unit to include an advertisement (of which 
Adams makes no mention) in an indication of capabilities as part of requesting a 
capability credential. The Examiner's interpretation is clearly incorrect. 

The Examiner has clearly failed to make a proper rejection of claim 6. The 
rejection of claim 6 is not supported by the cited art and removal thereof is respectfully 
requested. 
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Claim 9: 



Regarding claim 9, Adams does not disclose an advertisement that is a 
protected advertisement that describes the first service's capabilities but does not 
provide an interface to the first service's capabilities . The Examiner cites colunm 5, 
lines 14-18 where Adams teaches that a subscriber unit may send a request message to a 
website of a relying party to request access to another application controlled by the 
relying party to facilitate a financial transfer. As noted above regarding the rejection of 
claim 6, the cited passage makes no mention of any advertisements of any kind. 

The Examiner argues, "the website describes the service, and the service can be 
provided upon authentication." However, the Examiner is clearly speculating regarding 
the workings of Adams' system. Adams does not mention that the website describes any 
service provided by the relying party. The Examiner's speculation regarding the website 
is improper and irrelevant in a rejection based on anticipation. Additionally, the 
Examiner is ignoring the specific limitations (in claim 5, firom which claim 9 depends) 
regarding the client receiving the advertisement for the service and regarding where the 
client's indication of a set of desired capabilities includes an indication of the 
advertisement. The cited passage only mentions that a subscribing unit may send a 
request to a website. Adams does not mention anything about the subscribing unit 
including an indication of any website in an indication of a set of desired capabilities, as 
would be required according to the Examiner's rejection of claim 9. 

In the Response to Arguments, the Examiner asserts (erroneously) that use of 
advertisements is inherent in Adams' system. The Examiner fails to provide any 
argument, evidence or interpretation of Adams that includes a protected advertisement 
describing a service's capabilities, but not providing an interface to the service's 
capabilities. As described above regarding claim 5, the Examiner's line of reasoning is 
that since Adams' system includes a subscriber unit sending a request to access a service, 
Adams inherently includes the specific limitations of Applicants' claims. However, there 
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is nothing about Adams' system that necessarily requires a protected advertisement 
describing a service's capabiUties, but not providing an interface to the service's 
capabihties. The Examiner's interpretation is clearly incorrect. 

Thus, the rejection of claim 9 is not supported by the cited art and removal thereof 
is respectfully requested. 

Claims 10.11 and 12 : 

Adams fails to disclose a client receiving a protected advertisement for the first 
service, wherein the protected advertisement indicates an address for sending the 
capability credential request message to. The Examiner cites column 5, hnes 14-18 
and column 6, lines 31 - 49. Neither of the cited passage makes any mention of a cUent 
receiving a protected advertisement that indicates an address to which to sending a 
capability credential request message. The first cited passage states that a subscriber unit 
may communicate a request over a global network link to a website of a relying party 
requesting access to another application controlled by the relying party to facihtate a 
financial transfer. The second cited passage describes a centrahzed privilege data 
selector that "selects among privilege data for a plurality of subscribers." 

The Examiner considers the subscriber unit's request for access to an application 
controlled by the relying party the capability credential request message of claim 10. 
However, nowhere does Adams describe a protected advertisement that indicates an 
address to which the subscriber unit sends its request. 

Additionally, the Examiner has elsewhere (regarding the rejection of claims 5) 
admitted that Adams makes "no specific mention of the advertisement". The Examiner 
has provided no citation, argument or interpretation that Adams' system includes a 
protected advertisement, as described in claim 10. Since Adams is silent regarding a 
protected advertisement indicating an address for sending the capability credential 
request message to, Adams clearly fails to anticipate claim 10. 
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Claim 13: 



Adams fails to disclose a client receiving a protected advertisement for the first 
service, wherein said protected advertisement indicates an authentication service and 
wherein said requesting a capability credential comprises the client requesting a 
capability credential from the authentication service. The Examiner cites column 5, lines 
14 - 18 and column 6, lines 49 -67. However, as described previously, neither of these 
cited passages makes any mention of any advertisement fiirther fail to describe a 
protected advertisement that indicates an authentication service. 

The Examiner asserts, "the website describes the service, and the service can be 
provided upon authentication." However, the Examiner's statement is not based on the 
teachings of Adams. Nowhere does Adams teach that "the website described the 
service". In fact, the only mention in Adams teaches regarding the website states, "the 
subscriber unit 200 may communicate a request over a global network link to a Website 
of the relying party requesting access to another application controlled by the relying 
party to facilitate a financial transfer." Adams does not mention anything about the 
website describing the service. 

Moreover, whether or not Adams' website "describe[s] the service" and whether 
or not "the service can be provided upon authentication" is completely irrelevant to a 
client receiving a protected advertisement that indicates an authentication service. 
Presumably the Examiner is equating Adams' subscriber unit requesting access to 
"another application controlled by the relying party" with requesting a capability 
credential from an authentication service. However, a subscriber unit requesting access 
to an application does not disclose anything about a client receiving a protected 
advertisement for a service that indicates an authentication service. The Examiner has 
not cited any portion of Adams that discloses this limitation of claim 13. 
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Thus, the rejection of claim 13 is not supported by the cited art and removal 
thereof is respectfully requested. 

Claim 14 : 

Adams fails to disclose the authentication service determining a level of the 
first servicers capabilities that the client is authorized to use . The Examiner cites 
column 6, lines 49-67. However, the cited passage does not describe an authentication 
service determining a level of a service's capabilities that a client is authorized to use. 
histead, the cited passage describes a centralized privilege data selector that uses 
subscriber identification data to obtain attribute certificates from an attribute certificate 
repository. The centralized privilege data selector also uses relying party identification to 
obtain privilege test data. The centralized privilege data selector then determines whether 
there are any matching attribute certificates that satisfy the privilege test criteria data. 
Thus, Adams' centralized privilege data selector determines whether the repository 
includes any attribute certificates that match the test criteria data. 

However, the Adams' centralized privilege data selector does not have anything 
to do with determining a level of the service's capabilities that the client is authorized to 
use. As Adams states, a privilege data selector selects among a plurality of attribute 
certificates associated with a selected subscriber unit and that the privilege test criteria 
data may be generated by the relying party to indicate the specific privilege information 
necessary for the relying party to grant privilege to a subscriber unit (Adams, column 3, 
lines 44-51). In other words, the relying party indicates, by generating privilege test 
criteria data, what sort of privilege data is required to grant a subscriber unit privilege and 
the privilege data selector selects attribute certificates that match the test criteria data. 
Adams' centralized privilege data selector does not determine a level of a service's 
capabilities that a client is authorized to use. Instead, it merely determines which 
attribute certificates for a subscriber unit match the privilege test criteria data provided by 
the relying party. 
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Furthermore, Adams fails to disclose the authentication service sending the 
capability credential to the client, where the portion of the servicers capabilities that 
the capability credential indicates that the client has a right to use is no more than 
the set of desired capabilities . The Examiner cites 6, lines 58 - 67. The Examiner 
equates the attribute certificates returned by Adams' privilege data selector with the 
capability credential of claim 13. However, Adams does not disclose that the portion of a 
service's capabilities that a returned attribute certificate indicates that the subscriber unit 
has a right to use is no more than the set of desired capabilities. Adams teaches only that 
his privilege data selector returns attribute certificates that match a particular set of 
privilege criteria test data. 

Thus, the rejection of claim 14 is not supported by the cited art and removal 
thereof is respectfully requested. 

Claim 15 ; 

Adams fails to disclose wherein the portion of the first service's capabilities 
that the capability credential indicates that the client has a right to use is the lesser 
of the level of the first service's capabilities that the client is authorized to use and 
the set of desired capabilities . The Examiner again cites column 6, lines 49 - 67, where 
Adams describes the centralized privilege data selector that returns attribute certificates 
that match privilege criteria test data. However, the cited passage does not describe that 
the attribute certificates indicate a portion of a service's capabilities that a client has a 
right to use as being the lesser of the level of the service's capabilities that the client is 
authorized to use and the set of desired capabilities. In fact nowhere does Adams teach 
anything regarding this limitation of claim 15. The Examiner is merely speculating 
regarding the workings of Adams' system, which is clearly improper. 

Since Adams is silent regarding that the portion of the first service's 
capabilities that the capability credential indicates that the client has a right to use is 
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the lesser of the level of the first servicers capabilities that the client is authorized to 

use and the set of desired capabilities , Adams clearly fails to anticipate claim 15. 

Second Ground of Rejection 

-Claims 3 and 7 stand finally rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Adams. Appellants traverse this rejection for at least the reasons 
presented regarding their respective independent claims. 

Claim 7 : 

Further regarding claim 7, the Examiner has failed to provide a proper motivation 
for modifying the system of Adams' to use a URL In fact, the Examiner fails to provide 
any motivation at all. Instead, the Examiner merely states that it would have been 
obvious "because URI is standard identifier for accessing a website or advertisement." 
However the Examiner also admitted (regarding claim 5) that Adams fails to disclose the 
use of an advertisement. In the rejection of claim 5, the Examiner argues that an 
"advertisement serves as a way of letting the user be aware of the service available". 
Thus, the Examiner is now arguing that it would have been obvious to include a URI to 
an advertisement that is not taught by Adams. 

Moreover, as noted in the M.P.E.P. at 2144.03, "it is never appropriate to rely 
solely on 'common knowledge" in the art without evidentiary support in the record". 
See, Zurko, 258 F.3d at 1386, 59 USPQ2d at 1697; Ahlert, 424 F.2d at 1092, 165 USPQ 
421. That is precisely the case here, the Examiner has merely stated that it would be 
obvious to modify Adams to use a URI to an advertisement (that is even taught by 
Adams) because "URI is standard identifier for accessing a website or advertisement". 
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Third Ground of Rejection : 



Claim 4 stands finally rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Adams in view of Czerwinski et al. "An architecture for a Secure Service Discovery 
Service" (Hereinafter, Czerw^inski). Appellants traverse the rejection of claim 4 for at 
least the reasons presented regarding its independent claim. 

Fourth Ground of Rejection 

Claims 17-23, 25-39 and 41-47 stand finally rejected under 35 U.S.C. § 102(a) as 
being anticipated by Adams. Appellants traverse this rejection for at least the follov^ing 
reasons. Different groups of claims are addressed under their respective subheadings. 

Claims 17. 18, 31. 33. 34 and 47 : 

Regarding claim 17, Adams fails to disclose an interface configured to receive 
over the connection a capability credential that indicates that the client has the right 
to use only a portion of a servicers capabilities , wherein the portion is less that a 
total of the capabilities provided by the first service. As described above regarding 
claim 1, Adams teaches a system for granting security privileges by providing test criteria 
data so that security privilege certificates (or other authorization credentials) may be 
selected from among multiple subscriber privilege data. Adams teaches that certificates, 
such as Kerberos tickets, privilege attribute certificates, or other public key certificates 
(Adams, column 7, lines 48-55) may be selected from among multiple privilege data 
based on test criteria supplied by a relying unit (such as a software application, computer 
node or other entity). A selector entity may search a common repository of security 
privilege certificates. The selector entity then returns any and all privilege data that 
meets the test criteria data. Thus, the selector unit may return multiple certificates, each 
of each meets the test criteria data. See, Adams, column 3, lines 26-59; column 4, lines 
25-36; and column 5, lines 18-46. Adams does not mention anything about a selecting 
and returning a certificate that indicates a subscriber unit (client) has the right to 
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use only an indicated portion of a services capabilities, which would be required for 
Adams to anticipate claim L Instead, Adams states that any matching attribute 
certificates are sent as privilege data (Adams, column 6, lines 65-67). The certificates in 
Adams do not indicate that a cUent has the right to use only a portion that is less than all 
of a service's provided capabilities. No mention is made in Adams of allowing access to 
only a portion of a service's capabilities. 

The Examiner cites column 5, lines 14-32 of Adams and refers to Adams' 
teachings regarding a subscriber communicating a request for another application 
controlled by a relying party and regarding a certificate selector analyzing a subscriber's 
attribute certificates to determine whether any of them contain privilege data that is 
consistent with privilege test criteria. However, the teachings of Adams relied on by 
the Examiner do not disclose an interface configured to receive a capability 
credential that indicates that the client has the right to use only a portion of a 
service's capabilities, wherein the portion is less that a total of the capabilities 
provided by the first service. Instead, the Examiner's cited passage describes a 
particular manner in which Adams' system determines whether the subscriber 
certificates, such as data representing a subscriber unit's privilege status, meet the 
particular required privilege test criteria data. Adams teaches that privilege test criteria 
data indicates "the specific privilege information necessary for the relying party to grant 
privilege to a subscriber unif (Adams, column 3, lines 47-51). Thus, the portions of 
Adams relied on by the Examiner are not referring to a capability credential indicating 
that a client has the right to use only a portion of a services capabiUties. histead, the cited 
portions of Adams are teaching a particular method of determining whether a subscriber's 
privilege status meets the particular privilege requirements of a relying unit. As noted 
above, the certificates in Adams do not indicate that a client has the right to use only a 
portion of a service's capabilities. In fact, Adams makes no mention regarding allowing 
access to only a portion of a service's capabilities. 

In the Advisory Action, the Examiner argues, "the privilege data returned by the 
selector entity indicates that the user has the right to use only certain portion of the 
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service's capabilities." However, the Examiner's interpretation of Adams is 
incorrect. As described above, Adams' system detemiines whether subscriber 
certificates meet particular test criteria data. In other words, Adams' teaches that a 
subscriber's certificates are verified to ensure that the particular type of certificate is an 
approved type. For example, Adams teaches that the privilege test criteria data may 
indicate the specific privilege information necessary for the relying part to grant privilege 
to the subscriber unit. The Examiner is merely speculating in hindsight regarding 
Adams' system. As noted above, nowhere does Adams make any mention whatsoever of 
an interface configured to receive over the connection a capability credential that 
indicates that the client has the right to use only a portion of a service's capabilities, 
wherein the portion is less that a total of the capabilities provided by the first service. 

Moreover, Adams is not concerned with granting a client rights to use only a 
portion of a service's capabilities. Instead, Adams is concerned with minimizing the 
number of certificates that must be transferred and also with preventing privilege data 
fi*om being sent to non-privilege parties (Adams, column 2, Unes 58-61 and colunrn 3, 
lines 41-44). Adams contrasts his systems with previous systems that require the 
subscriber to present all attribute certificates to the relying party. 

Anticipation requires, the presence in a single prior art reference disclosure of each 
and everv limitation of the claimed invention, arranged as in the claim . M.P.E.P 2131; 
Lindemann Maschinenfabrik GmbH v. American Hoist & Derrick Co,, 221 USPQ 481, 
485 (Fed. Cir. 1984). The identical invention must be shown in as complete detail as is 
contained in the claims. Richardson v. Suzuki Motor Co., 9 USPQ2d 1913, 1920 (Fed. 
Cir. 1989). As discussed above, Adams clearly fails to disclose an interface configured 
to receive of the connection a capability credential that indicates that the client has the 
right to use only a portion of a service's capabilities , wherein the portion is less that a 
total of the capabilities provided by the first service. Therefore, Adams cannot be said to 
anticipate claim 17. 
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Claims 19 and 35: 



In regards to claims 19 and 35, Adams does not disclose that the identification of 
the first service comprises a Universal Unique Identifier (UUID). The Examiner does not 
cite any portion Adams that discloses this limitation of claim 19. Instead, the Examiner 
merely states, that "claims 17-23 ... encompass the same scope as claims 1-7..." and 
therefore that "claims 17-23 ... are rejected based on the same reasons set forth in 
rejecting claims 1-7...". However, claim 3, the rejection of v^hich the Examiner is 
relying on for the rejection of claims 19 and 35, is not rejected under 102(a) as being 
anticipated by Adams. Instead, claim 3 is rejected under 103(a) over Adams. Thus, the 
35 U.S.C. § 102(a) rejection of claims 19 and 35 is improper. 

Claims 20 and 36 : 

In regards to claims 20 and 36, Adams does not disclose that capability credential 
request message is formatted in extensible Markup Language (XML). The Examiner 
does not cite any portion Adams that discloses this limitation of claims 20 and 36. 
Instead, the Examiner merely states, that "claims 17-23 ... encompass the same scope as 
claims 1-7. . ." and therefore that "claims 17-23 ... are rejected based on the same reasons 
set forth in rejecting claims 1-7...". However, claim 4, the rejection of which the 
Examiner is relying on for the rejection of claims 20 and 36, is not rejected under 102(a) 
as being anticipated by Adams. Instead, claim 4 is rejected under 103(a) as being 
unpatentable over Adams in view of Czerwinski. Thus, the 35 U.S.C. § 102(a) rejection 
of claims 20 and 36 is improper. 

Claims 21 and 37 ; 

In regards to claim 21, Adams fails to disclose that the interface is configured to 
receive an advertisement for the first service , wherein the advertisement describes the 
portion of the first service's capabilities . The Examiner admits that Adams makes "no 
specific mention of the advertisement" but asserts, "advertisement serves as a way of 
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letting the user be aware of the service[s] available." The Examiner has clearly failed to 
provide a proper rejection of claim 5. By admitting that Adams does not disclose the use 
of an advertisement, the Examiner has clearly admitted that Adams fails to anticipate 
claim 5. The Examiner's statement regarding how advertisements may serve as a way of 
letting a user know what services are available has absolutely no bearing on the fact that 
Adams fails to disclose anything about an advertisement for a service that describes a 
portion of the service 's capabilities. The fact that Adam's system might benefit from the 
use of such an advertisement, as suggested by the Examiner, is irrelevant to a rejection 
based on anticipation (i.e. § 102). The Examiner's statement is also unsupported by any 
evidence of record. 

A claim is "anticipated only if each and every element as set forth in the claim is 
found, either expressly or inherently described, in a single prior art reference" (M.P.E.P. 
§ 2131). As admitted by the Examiner, Adams fails to disclose the use of an 
advertisement that describes a portion of the service's capabilities. Moreover, the 
Examiner has not shown that the use of advertisements is inherent in Adams' system. 
"To serve as an anticipation when the reference is silent about the asserted inherent 
characteristic, such gap in the reference may be filled with recourse to extrinsic evidence" 
and "[s]uch evidence must make clear that the missing descriptive matter is necessarily 
present in the thing described in the reference" (emphasis added, M.P.E.P. § 2131.01 III). 
As noted above and admitted by the Examiner, Adams makes no mention of 
advertisements, nor has the Examiner provided any evidence showing that advertisements 
are necessarily present in Adams' system. Instead, the Examiner has merely concluded 
that the use of an advertisement might be beneficial, which as stated above, is completely 
speculative and irrelevant. The Examiner is merely using hindsight speculation, which is 
clearly improper. 

In the Response to Arguments and the Advisory Action, the Examiner asserts 
that a subscriber request to access an application through Adams' relying party's website 
"indicates that the advertisement for certain services exist as to enable a subscriber to 
request privilege to use such service", citing coliunn 5, lines 14-18 of Adams. The 
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Examiner further asserts, "Adams inherently disclose [s] these limitation[s] as they are 
[an] essential requirement for a subscriber to request certain services provided by a 
relying party." Thus, the Examiner's argument is that the mere fact that a subscriber unit 
makes requests the use of a service inherently discloses the specific limitations of claim 
5. The Examiner is incorrect. Even if Adams could be said to inherently disclose an 
advertisement, v^hich Appellants maintain he does not, the Examiner has still failed to 
show how Adams' system inherently includes a client receiving an advertisement that 
describes the portion of the service's capabilities. 

The Examiner's cited portion of Adams (column 5, lines 14-18) merely states 
that a subscriber unit may communicate a request over a global network link to a website 
of a relying party request access to another application controlled by the relying party to 
facilitate a financial transfer. The cited passage does not contain any teaching that may 
be considered to inherently include a client receiving an advertisement for a service that 
describes a portion of the service's capabilities. In fact, Adams does not describe 
anything about a client receiving any sort of information that describes a portion of a 
service's capabilities. Nor has the Examiner provided any explanation or interpretation 
of Adams that includes the subscriber unit, which the Examiner equates to the client of 
Applicants' claim, receiving any such information. Instead, the Examiner merely asserts 
that Adams' teachings inherently disclose the specific limitations of Applicant's claims. 

As noted above, the Examiner has not provided any extrinsic evidence that 
Adams' system necessarily includes a client receiving an advertisement for a service that 
describes a portion of the service's capabilities. Moreover, M.P.E.P. 2112 IV states, 
"[t]he fact that a certain result or characteristic may occur or be present in the prior art is 
not sufficient to establish the inherency of that result or characteristic" (underlining in 
original). The Examiner's opinion that Adams' system inherently includes the use of 
advertisements "as a way of letting the user be away of the service available" or "to 
enable a subscriber to request privilege to use such service" are not extrinsic evidence 
that makes clear that the use of advertisements as recite in Applicants' claim 5 is 
necessarily present in Adams' system. 
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In further regard to claim 21, Adams fails to disclose that the indication of the 
set of desired capabilities comprises an indication of the advertisement . As noted 
above, Adams fails to mention anything about advertisements, as admitted by the 
Examiner. Furthermore, Adams does not mention anything about a client indicating a set 
of desired capabilities as part of requesting a capability credential, where the indication of 
the set of desired capabilities includes an indication of an advertisement for a service. 
As noted above, the Examiner has merely stated that the use of advertisements would be 
beneficial to Adams' system without showing that Adams' system actually includes the 
use of advertisements. The Examiner has not provided any argument, explanation, or 
evidence showing that Adams' system includes a client indicating a set of desired 
capabilities, where that indication includes an indication of an advertisement for a service 
providing those capabilities. 

The Examiner cites column 6, lines 31-67 of Adams and states, "the subscriber 
wants to access the relying party's service, but has to request [a] credential from the 
centralized privilege data selector by submitting the subscriber's identity and the relying 
party's identifier." The cited passage only mentions that a subscriber includes an 
identification of the relying party, but makes no mention of any indication of an 
advertisement that describes a portion of the first service's capabilities. Furthermore, the 
cited passage only teaches that Adams' subscriber unit includes the relying party's 
identifier when requesting a security certificate. The cited passage makes no mention of 
the client including an indication of an advertisement for a service as part of an indication 
of a set of desired capabilities, as required by Applicants' claim 5. Nor does the 
Examiner mention anything about Adams' subscriber including an indication of an 
advertisement for the service when indicating a set of desired capabilities. 

Thus, for at least the reasons above, the rejection of claim 21 is not supported by 
the cited art and removal thereof is respectfully requested. 
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Claims 22 and 38: 



Regarding claim 22, contrary to the Examiner's assertion, Adams fails to 
disclose where the indication of the advertisement is the advertisement itself . The 

Examiner cites column 5, lines 14-18. However, as described above regarding claim 6, 
the cited portion of Adams makes no mention of any indication of an advertisement, nor 
that such an indication of an advertisement is the advertisement itself. Instead, the cited 
passage states that a subscriber unit may communicate a request over a global network 
link to a website of a relying party requesting access to another application controlled by 
the relying party to facilitate a financial transfer. The cited passage provides no support 
for the Examiner's rejection of claim 6. Furthermore, in the rejection of claim 5, the 
Examiner admits that Adams makes no mention of advertisements. 

In the Response to Arguments and the Advisory Action, the Examiner asserts that 
the use of advertisements is inherent in Adams' system. The Examiner is incorrect. 
Please refer to the remarks above regarding claim 21 for a detailed discussion regarding 
the fact that Adams' system does not inherently disclose the limitations of Applicants' 
claims. Furthermore, the Examiner have failed to provide nay extrinsic evidence, 
citation, explanation or interpretation illustrating that a subscriber unit's request 
necessarily indicates a set of desired capabilities that includes an indication of an 
advertisement (as recited in claim 5) where the indication of the advertisement is the 
advertisement itself, as recited in claim 6. Following the Examiner's line of reasoning 
(that the use of advertisements are inherent in Adams' system) a subscriber's request 
would also have to inherently include an advertisement. There is nothing about Adams' 
system that inherently requires a subscriber unit to include an advertisement (of which 
Adams makes no mention) in an indication of capabilities as part of requesting a 
capability credential. The Examiner's interpretation is clearly incorrect. 

The Examiner has clearly failed to make a proper rejection of claim 22. The 
rejection of claim 22 is not supported by the cited art and removal thereof is respectfully 
requested. 
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Claims 23 and 39: 



In regards to claim 23, Adams does not disclose that the indication of said 
advertisement is a Uniform Resource Identifier (URI) to said advertisement. The 

Examiner does not cite any portion Adams that discloses this limitation of claim 23. 
Instead, the Examiner merely states, that "claims 17-23 ... encompass the same scope as 
claims 1-7..." and therefore that "claims 17-23 ... are rejected based on the same reasons 
set forth in rejecting claims 1-7...". However, claim 7, the rejection of which the 
Examiner is relying on for the rejection of claim 23, is not rejected under 102(a) as being 
anticipated by Adams. Instead, claim 7 is rejected under 103(a) over Adams. Thus, the 
35 U.S.C. § 102(a) rejection of claim 23 is improper. 

Claims 25 and 41 : 

Regarding claim 25, Adams does not disclose an advertisement that is a 
protected advertisement that describes the first servicers capabilities but does not 
provide an interface to the first service's capabilities . The Examiner cites column 5, 
lines 14-18 where Adams teaches that a subscriber unit may send a request message to a 
website of a relying party to request access to another application controlled by the 
relying party to facilitate a financial transfer. As noted above regarding the rejection of 
claim 6, the cited passage makes no mention of any advertisements of any kind. 

The Examiner argues, "the website describes the service, and the service can be 
provided upon authentication." However, the Examiner is clearly speculating regarding 
the workings of Adams' system. Adams does not mention that the website describes any 
service provided by the relying party. The Examiner's speculation regarding the website 
is improper and irrelevant in a rejection based on anticipation. Additionally, the 
Examiner is ignoring the specific limitations (in claim 21, from which claim 25 depends) 
regarding the client receiving the advertisement for the service and regarding where the 
client's indication of a set of desired capabilities includes an indication of the 
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advertisement. The cited passage only mentions that a subscribing unit may send a 
request to a website. Adams does not mention anything about the subscribing unit 
including an indication of any website in an indication of a set of desired capabilities, as 
would be required according to the Examiner's rejection of claim 25. 

In the Response to Arguments, the Examiner asserts (erroneously) that use of 
advertisements is inherent in Adams' system. The Examiner fails to provide any 
argument, evidence or interpretation of Adams that includes a protected advertisement 
describing a service's capabilities, but not providing an interface to the service's 
capabilities. As described above regarding claim 21, the Examiner's line of reasoning is 
that since Adams' system includes a subscriber unit sending a request to access a service, 
Adams inherently includes the specific limitations of Applicants' claims. However, there 
is nothing about Adams' system that necessarily requires a protected advertisement 
describing a service's capabilities, but not providing an interface to the service's 
capabilities. The Examiner's interpretation is clearly incorrect. 

Thus, the rejection of claim 25 is not supported by the cited art and removal 
thereof is respectfully requested. 

Claims 26. 27. 28, 42. 43 and 44 : 

Adams fails to disclose that the interface is configured to receive a protected 
advertisement for the first service, wherein the protected advertisement indicates an 
address for sending the capability credential request message to. The Examiner cites 
column 5, lines 14-18 and column 6, lines 31-49. Neither of the cited passage makes 
any mention of a client receiving a protected advertisement that indicates an address to 
which to sending a capability credential request message. The first cited passage states 
that a subscriber unit may communicate a request over a global network link to a website 
of a relying party requesting access to another application controlled by the relying party 
to facilitate a financial transfer. The second cited passage describes a centralized 
privilege data selector that "selects among privilege data for a plurality of subscribers." 
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The Examiner considers the subscriber unit's request for access to an appHcation 
controlled by the relying party the capability credential request message of claim 10. 
However, nowhere does Adams describe a protected advertisement that indicates an 
address to which the subscriber unit sends its request. 

Additionally, the Examiner has elsewhere (regarding the rejection of claims 5) 
admitted that Adams makes "no specific mention of the advertisement". The Examiner 
has provided no citation, argument or interpretation that Adams' system includes a 
protected advertisement, as described in claim 26. Since Adams is silent regarding a 
protected advertisement indicating an address for sending the capability credential 
request message to, Adams clearly fails to anticipate claim 26. 

Claims 29 and 45 : 

Adams fails to disclose a the interface configured to receive a protected 
advertisement for the first service, wherein said protected advertisement indicates 
an authentication service and request a capability credential by requesting a 
capability credential from the authentication service. The Examiner cites column 5, 
lines 14-18 and column 6, lines 49 -67. However, as described previously, neither of 
these cited passages makes any mention of any advertisement further fail to describe a 
protected advertisement that indicates an authentication service. 

The Examiner asserts, "the website describes the service, and the service can be 
provided upon authentication." However, the Examiner's statement is not based on the 
teachings of Adams. Nowhere does Adams teach that "the website described the 
service". In fact, the only mention in Adams teaches regarding the website states, "the 
subscriber unit 200 may communicate a request over a global network link to a Website 
of the relying party requesting access to another application controlled by the relying 
party to facilitate a financial transfer." Adams does not mention anything about the 
website describing the service. 
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Moreover, whether or not Adams' website "describe[s] the service" and whether 
or not "the service can be provided upon authentication" is completely irrelevant to 
receiving a protected advertisement that indicates an authentication service. Presumably 
the Examiner is equating Adams' subscriber unit requesting access to "another 
application controlled by the relying party" with requesting a capability credential from 
an authentication service. However, a subscriber unit requesting access to an appUcation 
does not disclose anything about receiving a protected advertisement for a service that 
indicates an authentication service. The Examiner has not cited any portion of Adams 
that discloses this limitation of claim 29. 

Thus, the rejection of claim 29 is not supported by the cited art and removal 
thereof is respectfully requested. 

Claims 30 and 46 : 

Adams fails to disclose wherein the portion of the first service's capabilities 
that the capability credential indicates that the client has a right to use is the lesser 
of the level of the first service's capabilities that the client is authorized to use and 
the set of desired capabilities . The Examiner again cites column 6, lines 49 - 67, where 
Adams describes the centralized privilege data selector that returns attribute certificates 
that match privilege criteria test data. However, the cited passage does not describe that 
the attribute certificates indicate a portion of a service's capabilities that a client has a 
right to use as being the lesser of the level of the service's capabilities that the client is 
authorized to use and the set of desired capabilities, hi fact nowhere does Adams teach 
anything regarding this limitation of claim 15. The Examiner is merely speculating 
regarding the workings of Adams' system, which is clearly improper. 

Since Adams is silent regarding that the portion of the first service's 
capabilities that the capability credential indicates that the client has a right to use is 
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the lesser of the level of the first service's capabilities that the client is authorized to 

use and the set of desired capabilities , Adams clearly fails to anticipate claim 30. 

Fifth Ground of Rejection 

Claims 17-23, 25-39 and 41-47 stand finally rejected under 35 U.S.C. § 103(a) as 
being unpatentable over Adams. Appellants traverse this rejection for at least the reasons 
given above regarding their respective independent claims. 

Claims 17-23. 25-39 and 41-47 : 

Regarding the alternative § 103(a) rejection of claims 17-23, 25-39 and 41-47, the 
Examiner has failed to provide a proper rejection. The Examiner states, "claims 17-23, 
25-39, and 41-47 encompass the same scope as claims 1-7 and 9-16" and that "claims 17- 
23, 25-39, and 41-47 are rejected based on the same reasons set forth in rejecting claims 
1-7 and 9-16." However, claims 1-3, 5-7 and 9-16 are not rejected under § 103(a) as 
being unpatentable over Adams in view of Czerwinski. Thus, the Examiner has 
failed to provide a prima facie § 103(a) rejection of claims 17-23, 25-39 and 41-47. 

It has been very well established that to establish a prima facie case of 
obviousness (e.g. a proper § 103(a) rejection) three basic criteria must be met. First, 
there must be some suggestion or motivation to modify the reference or to combine 
reference teachings. Second, there must be a reasonable expectation of success. Finally, 
the prior art reference(s) must teach or suggest all the claim limitations. (See, M.P.E.P. § 
2143). The Examiner has not met any of the three basic requirements of a proper § 
103(a) rejection of claims 17 and 33. Furthermore, the Examiner "bears the initial burden 
of factually supporting any prima facie conclusion of obviousness." If the Examiner does 
not produce a prima facie case, "the applicant is under no obligation to submit evidence 
of nonobviousness." (see, M.P.E.P. § 2142), 
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Applicants also note that deficiencies of Czerwinski in regard to independent 
claims 17 and 33 are discussed in Applicants' previously filed Appeal Brief from 
which the Examiner reopened prosecution with the current rejection. For the 

reasons stated above in regard to Adams and the reasons stated in the previous Appeal 
Brief in regard to Czerwinski, it is clear that neither Adams nor Czerwinski, alone or in 
combination, teaches or suggests all the limitations of independent claims 17 and 33. 

Thus, for at least the reasons presented above, the rejection of independent claims 
17 and 33 is not supported by the cited art and removal thereof is respectfully requested. 
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CONCLUSION 



For the foregoing reasons, it is submitted that the Examiner's rejection of claims 
1-47 was erroneous, and reversal thereof is respectfully requested. 

The Commissioner is authorized to charge the appeal brief fee of $500.00 and any 
other fees that may be due to Meyertons, Hood, Kivlin, Kowert, & Goetzel, P.C. Deposit 
Account No. 501505/5181-70400/RCK. This Appeal Brief is submitted with a return 
receipt postcard. 



Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C. 

P.O. Box 398 

Austin, TX 78767-0398 

(512) 853-8850 

Date: September 1 K 2006 



Respectfully submitted. 




Robert C. Kowert 
Reg. No. 39,255 
Attorney for Appellants 
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VIII. CLAIMS APPENDIX 



The claims on appeal are as follows. 

1. A method for accessing a service in a distributed computing environment, 
comprising: 

a client locating a first service v^ithin the distributed computing environment^ 
wherein the first service provides a plurality of capabilities to clients 
executing in the distributed computing environment; 

the client requesting a capability credential to allow the client access to a portion of the 
first service's capabilities, wherein said requesting a capability credential 
comprises the client indicating a set of desired capabilities; 

the client receiving said capability credential, wherein said capability credential 
indicates that the client has the right to use only_said portion of the first 
service's capabilities, wherein said portion of the first service's 
capabilities is less than a total of the plurality of capabihties provided by 
the first service; and 

the client using said capabihty credential to access one or more of said portion of 
the first service's capabilities. 

2. The method as recited in claim 1, wherein said requesting a capabihty 
credential comprises the cHent sending a capability credential request message, wherein 
said capability credenfial request message comprises an idenfification of said first service 
and an indication of the set of desired capabilities. 

3. The method as recited in claim 2, wherein said idenfificafion of said first 
service comprises a Universal Unique Identifier (UUID). 
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4. The method as recited in claim 2, wherein said capabihty credential 
request message is formatted in extensible Markup Language (XML). 

5. The method as recited in claim 2, further comprising: 

the client receiving an advertisement for the first service, wherein said 
advertisement describes the portion of the first service's capabilities; and 

wherein said indication of the set of desired capabilities comprises an indication 
of said advertisement. 

6. The method as recited in claim 5, wherein said indication of said 
advertisement is said advertisement itself 

7. The method as recited in claim 5, wherein said indication of said 
advertisement is a Uniform Resource Identifier (URI) to said advertisement. 

9. The method as recited in claim 5, wherein said advertisement is a 
protected advertisement that describes the first service's capabilities but does not provide 
an interface to the first service's capabilities. 

10. The method as recited in claim 1, further comprising: 

the client receiving a protected advertisement for the first service, wherein said 
protected advertisement indicates an address for sending said capability 
credential request message to; and 

wherein said requesting a capability credential comprises the client sending a 
capability credential request message to said address indicated in said 
protected advertisement. 



09/653 .2 1 5 (5 1 8 1 -70400/P5200) 



43 



Meyertons, Hood, Kivlin, ICowert & Goetzel, P.C. 



11. The method as recited in claim 10, wherein said address indicated in said 
protected advertisement is for an authentication service, wherein said sending a capabiHty 
credential request message comprises sending said capability credential request message 
to said authentication service, the method further comprising the authentication service 
sending a credential request response message to the client in response to said capability 
credential request message. 

12. The method as recited in claim 11, wherein said credential request 
response message includes said capability credential, wherein said receiving said 
capability credential comprises receiving said capability credential from said 
authentication service in said credential request response message. 

13. The method as recited in claim 1, further comprising: 

the client receiving a protected advertisement for the first service, wherein said 
protected advertisement indicates an authentication service; and 

wherein said requesting a capability credential comprises the client requesting a 
capability credential from said authentication service. 

14. The method as recited in claim 13, the method further comprising: 

said authentication service determining a level of the first service's capabilities 
that the client is authorized to use; 

said authentication service generating said capability credential according to said 
level and said set of desired capabilities; and 

said authentication service sending said capability credential to the client, wherein 
said portion of the first service's capabilities that said capability credential 
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indicates that the client has a right to use is no more than said set of 
desired capabilities. 

15. The method as recited in claim 14, wherein said portion of the first 
service's capabilities that said capability credential indicates that the client has a right to 
use is the lesser of said level of the first service's capabilities that the client is authorized 
to use and said set of desired capabilities. 

16. The method as recited in claim 1, wherein said using said capabiUty 
credential to access one or more of said portion of the first services capabilifies comprises 
the client sending a message to the first service to access a first capability, wherein the 
message includes said capability credential, the method further comprising the first 
service authenticating said capability credential received in the message to verify that the 
client has the right to use said first capability. 

17. A cHent device, comprising: 

a connection to a distributed computing environment; 

an interface coupled to said connection and configured to locate a first service 
within the distributed computing environment, wherein the first service 
provides a plurality of capabilifies to clients executing in the distributed 
computing environment; 

wherein the interface is fiirther configured to request over the connection a 
capability credential for a set of desired capabilities to allow a client on 
the client device access to a portion of the first service's capabilities; 

wherein the interface is further configured to receive over the connecfion said 
capability credential, wherein said capability credential indicates that the 
client has the right to use only said portion of the first service's 
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capabilities, wherein said portion of the first service's capabilities is less 
that a total of the plurality of capabilities provided by the first service; and 

wherein the interface is further configured to use said capability credential to 
access one or more of said portion of the first service's capabilities. 

18. The client device as recited in claim 17, wherein the interface is 
configured to request a capability credential by sending a capability credential request 
message, wherein said capabiUty credential request message comprises an identification 
of said first service and an indication of the set of desired capabilities. 

19. The cHent device as recited in claim 18, wherein said identification of said 
first service comprises a Universal Unique Identifier (UUID). 

20. The client device as recited in claim 18, wherein said capability credential 
request message is formatted in extensible Markup Language (XML). 

21. The client device as recited in claim 18, wherein the interface is further 
configured to receive an advertisement for the first service, wherein said advertisement 
describes the portion of the first service's capabilities, and wherein said indication of the 
set of desired capabilities comprises an indication of said advertisement. 

22. The client device as recited in claim 21, wherein said indication of said 
advertisement is said advertisement itself 

23. The client device as recited in claim 22, wherein said indication of said 
advertisement is a Uniform Resource Identifier (URI) to said advertisement. 

25. The client device as recited in claim 21, wherein said advertisement is a 
protected advertisement that describes the first service's capabilities but does not provide 
an interface to the first service's capabilities. 
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26. The client device as recited in claim 17, wherein the interface is further 
configured to receive a protected advertisement for the first service, wherein said 
protected advertisement indicates an address for sending said capability credential request 
message to, and wherein the interface is configured to request a capability credential by 
sending a capability credential request message to said address indicated in said protected 
advertisement. 

27. The client device as recited in claim 26, wherein said address indicated in 
said protected advertisement is for an authentication service, wherein said sending a 
capability credential request message comprises sending said capability credential request 
message to said authentication service. 

28. The client device as recited in claim 27, wherein the interface is 
configured to receive said capability credential from said authentication service in a 
credential request response message. 

29. The client device as recited in claim 17, wherein the interface is further 
configure to; 

receive a protected advertisement for the first service, wherein said protected 
advertisement indicates an authentication service; and 

request a capability credential by requesting a capability credential from said 
authentication service. 

30. The client device as recited in claim 29, wherein said portion of the first 
service's capabilities that said capability credential indicates that the client has a right to 
use is the lesser of said level of the first service's capabilities that the client is authorized 
to use and said set of desired capabilities. 
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31. The client device as recited in claim 17, wherein the interface is 
configured to use said capability credential to access one or more of said portion of the 
first services capabilities for said client by sending a message to the first service to access 
a first capability, wherein the message includes said capability credential so that the first 
service may authenticate said capability credential received in the message to verify that 
the client has the right to use said first capability. 

32. The client device as recited in claim 17, wherein said interface comprises 
one or more processes executable on a processor within the cHent device. 

33. A tangible, computer accessible storage medium comprising program 
instructions, wherein the program instructions are computer-executable on a client device 
to implement: 

locating a first service within the distributed computing environment, wherein the 
first service provides a plurality of capabilities; 

requesting a capability credential to allow a client on the client device access to a 
portion of the first service's capabilities, wherein said requesting a 
capability credential comprises the client indicating a set of desired 
capabilities; 

receiving said capability credential, wherein said capability credential indicates 
that the client has the right to use only said portion of the first service's 
capabilities, wherein said portion of the first service's capabilities is less 
than a total of the plurality of capabilities provided by the first service; and 

using said capability credential to access one or more of said portion of the first 
service's capabilities. 
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34. The tangible, computer accessible medium as recited in claim 33, wherein 
said requesting a capability credential comprises the client sending a capability credential 
request message, wherein said capability credential request message comprises an 
identification of said first service and an indication of the set of desired capabilities. 

35. The tangible, computer accessible medium as recited in claim 34, wherein 
said identification of said first service comprises a Universal Unique Identifier (UUDD). 

36. The tangible, computer accessible medium as recited in claim 34, wherein 
said capability credential request message is formatted in extensible Markup Language 
(XML). 

37. The tangible, computer accessible medium as recited in claim 34, wherein 
the program instructions are computer-executable on the client device to further 
implement: 

receiving an advertisement for the first service, wherein said advertisement 
describes the portion of the first service's capabilities; and 

wherein said indication of the set of desired capabilities comprises an indication 
of said advertisement. 

38. The tangible, computer accessible medium as recited in claim 37, wherein 
said indication of said advertisement is said advertisement itself 

39. The tangible, computer accessible medium as recited in claim 37, wherein 
said indication of said advertisement is a Uniform Resource Identifier (URI) to said 
advertisement. 
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41. The tangible, computer accessible medium as recited in claim 37, wherein 
said advertisement is a protected advertisement that describes the first service's 
capabilities but does not provide an interface to the first service's capabilities. 

42. The tangible, computer accessible medium as recited in claim 33, v^herein 
the program instructions are computer-executable on the client device to fiirther 
implement: 

receiving a protected advertisement for the first service, wherein said protected 
advertisement indicates an address for sending said capability credential 
request message to; and 

wherein said requesting a capability credential comprises the client sending a 
capability credential request message to said address indicated in said 
protected advertisement. 

43. The tangible, computer accessible medium as recited in claim 42, wherein 
said address indicated in said protected advertisement is for an authentication service, 
wherein said sending a capability credential request message comprises sending said 
capability credential request message to said authentication service. 

44. The tangible, computer accessible medium as recited in claim 43, wherein 
said receiving said capability credential comprises receiving said capability credenfial 
fi-om said authentication service in a credential request response message. 

45. The tangible, computer accessible medium as recited in claim 33, wherein 
the program instructions are computer-executable on the client device to fiirther 
implement: 

receiving a protected advertisement for the first service, wherein said protected 
advertisement indicates an authentication service; and 
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wherein said requesting a capability credential comprises the client requesting a 
capability credential from said authentication service. 

46. The tangible, computer accessible medium as recited in claim 45, wherein 
said portion of the first service's capabilities that said capability credential indicates that 
the client has a right to use is the lesser of said level of the first service's capabilities that 
the client is authorized to use and said set of desired capabilifies. 

47. The tangible, computer accessible medium as recited in claim 33, wherein 
said using said capability credential to access one or more of said portion of the first 
services capabilifies comprises the client sending a message to the first service to access a 
first capability, wherein the message includes said capability credential so that the first 
service may authenticate said capability credential received in the message to verify that 
the client has the right to use said first capability. 
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IX. EVIDENCE APPENDIX 

No evidence submitted under 37 CFR §§ 1.130, 1.131 or 1.132 or otherwise 
entered by the Examiner is relied upon in this appeal. 
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X. RELATED PROCEEDINGS APPENDIX 

There are no related proceedings. 
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